Ethereal-dev: [Ethereal-dev] Fix for wrong decoding of LDAP bind replies

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Matthias Drochner <M.Drochner@xxxxxxxxxxxxx>
Date: Fri, 12 Aug 2005 19:52:33 +0200
Hi -
I'll attach a patch which fixes the decoding of authenticated
LDAP bind replies. The SASL credentials are always "context
specific" in terms of ASN.1.
I've tested the fix with DIGEST-MD5 authentication.
(Without the patch, ethereal complains about a wrong type
because it expects an ASN.a octet string.)
(You might also consider a stricter check of the ASN.1 header
type for the GSSAPI and GSS-SPNEGO cases, but I can't test this.)

best regards
Matthias



$NetBSD: patch-ac,v 1.3 2005/08/12 17:38:40 drochner Exp $

--- epan/dissectors/packet-ldap.c.orig	2005-07-26 21:26:41.000000000 +0200
+++ epan/dissectors/packet-ldap.c
@@ -1283,16 +1283,10 @@ static void dissect_ldap_response_bind(A
         a->offset += cred_length;
       } else {
         if (read_bytestring(a, tree, hf_ldap_message_bind_server_credentials,
-                            NULL, NULL, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
+                            NULL, NULL, ASN1_CTX, 7) != ASN1_ERR_NOERROR)
           return;
       }
       break;
-
-    default:
-      if (read_bytestring(a, tree, hf_ldap_message_bind_server_credentials,
-                          NULL, NULL, ASN1_CTX, 7) != ASN1_ERR_NOERROR)
-        return;
-      break;
     }
   }
 }